Facebook dominates the privacy agenda

A social network users' bill of rights could be on the cards

In writing the 1948 novel Nineteen Eighty-Four, George Orwell explicitly considered the interaction of privacy and freedom. He imagined a single Big Brother that watched and controlled everyone, but he was writing before the arrival of computers.

The annual ACM Computers, Freedom, and Privacy (CFP) conference in San Jose has a more complex world to consider. Not only do computers and networks complicate the situation but Orwell never imagined a world in which thousands of Little Brothers (companies, local government agencies, advertisers) jockey for tracking opportunities.

If a theme dominated this year's CFP, the 20th in the series, it was Facebook and other social networks. On Tuesday, 10 privacy organisations, many of which sent representatives to this conference, wrote an open letter to Facebook requesting that the company improve its privacy policies. Facebook's response was not encouraging.

In that respect, the up-and-comer of today is at odds with the up-and-comers of previous years. Peter Cullen, Microsoft's chief privacy strategist, sees privacy as a key issue, as does Kent Walker, the 1997 CFP chairman, now vice president and general counsel at Google.

CFP always brings together widely disparate points of view and expertise with the goal of peering ahead to see where today's emerging technologies will spark future conflicts and to pre-emptively consider possible solutions. The problems posed by cloud computing were a popular topic this year.

Miranda Mowbray, a researcher at HP's Bristol labs, noted that privacy concerns have created a significant business opportunity for European providers, since European Union data protection law does not allow companies to export data to the US.

Brad Templeton, internet pioneer and former chairman of the Electronic Frontier Foundation, proposed to protect privacy in cloud computing by effectively creating what he called the equivalent of a bank's safe deposit box by separating application and data.

A user would work on data by pulling an application from the cloud into a Java virtual machine to work on information stored either at a separate service provider or on-site.

Other forward-looking panels considered the problem of domestic robots and privacy, and considered the legal, ethical and moral consequences of superpowers. Mowbray, who led the latter panel, which included University of Central Lancashire researcher Judith Rauhofer, pointed out that augmented humans have long been studied by fantasy and science fiction authors.

While there may be some argument about what constitutes a cyborg, Mowbray pointed out that these issues are with us now: the number of automated accounts on Twitter was as high as 24 per cent last year, and that percentage is climbing steeply.

Social networks are not entirely new; people were posting intimate information and sharing it with strangers as long ago as the mid 1980s, when services like CIX and the WELL were founded.

What is new today is the scale: Facebook's 400 million users is reaching a noticeable percentage of the world's population. As a result, this year's CFP chairman, Jon Pincus, has put considerable weight behind drafting and promulgating a social network users' bill of rights to put pressure on social networks to behave responsibly with respect to privacy.

The project is more difficult than it may sound. As cyber law specialist Lauren Gelman pointed out, there are fundamental conflicts between some elements of privacy design.

If, for example, you allow data portability, as many users would like, i.e. the right to collect your data and move it to a different system, how do you also implement the right to delete your account and all its data, as almost everyone thinks ought to be possible?

Pam Dixon, founder and executive director of the World Privacy Forum, summed it up by saying that ultimately "we want to be able to use technology without being used by it".

This discussion also makes plain, however, how far ahead Europe is in legal terms: data protection law already grants rights such as limitations on secondary use without consent. Americans may, ironically, wind up being best protected by the EU; the Article 29 Data Protection Working Party warned Facebook in May that the most recent changes to its privacy settings were unacceptable.

Yet in other areas Europe and the US are in the same leaky boat. Christina Zaba, here representing No2ID, pointed out the provisions in the ID Cards repeal bill that will quickly extend data sharing powers to cover millions of people.

Travel data privacy expert Edward Hasbrouck noted that the information mandated for inclusion in passports is largely determined at meetings of the International Civil Aviation Organisation (ICAO) that are closed to civil society.

"Governments push for specific things, then say ICAO is mandating them. For example, biometrics in passports," he said.

This is, Hasbrouck added, a process that's very hard to influence because by the time the results have become public it's too late, and neither media nor non-governmental organisations can effectively cover a process that may take 10 years to produce results.

Like many writers of dystopian fiction, Orwell never explained exactly how his society reached its nadir. It seems certain he never imagined people would voluntarily hand over their most personal information and pay to carry an excellent tracking device - their mobile phones.